Privatefirewall VERSION 7.0.20.47

Discussion in 'other firewalls' started by MasterTB, Jun 25, 2010.

Thread Status:
Not open for further replies.
  1. pabrate

    pabrate Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    685
    No problem, would be happy to help.
    I can connect it to the other machine but I'm not in the mood to do that right now, maybe later or in day or two.
    You can in the meantime tell me what I need to do when that happens.
    I guess share some folders , make sure that they are visible on both machines , and then try grc or pcflank, am I right ?
    When I do that, I'll try it first with default firewall settings and report it.
    After that you can tell me what settings are you running so we can compare.
     
  2. MasterTB

    MasterTB Registered Member

    Joined:
    Jun 19, 2007
    Posts:
    547
    Location:
    Paran?, Argentina
    @Stem I was reponding to pabrate. I don't recall him being behind a router.
    When I responded I forgot to quote. Sorry for the mistake.

    @pabrate If you do test with a Home Group enabled, be sure to test your machine, if you are behind a router set the PC on the DMZ or what ever security settings you have to bypass to get to actually test your pc.

    Martin.-
     
  3. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    You will need to check your settings.

    I presume you are connected directly to the Internet?
    I have only looked at this on an XP setup, so there may be some difference for other OS?

    Open PF and on the "Main Menu" make sure that both "Internet Security" and "Network Security" are set to "High". Under "Network Security" press "Sites", any IP range you see should be set as "Untrusted Network"

    On the "Applications", double click "Generic Host Process"(svchost) Find the rules(there are 2) that are for "Location service" select one of those rules and then select "Modify" In the popup window, change the rule to "This rule will Deny Traffic", press OK, do the same for the other rule. Then check to see if there are any other rules that are showing port 135, if yes, then make sure they are set to "Deny".



    - Stem
     
  4. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    No problem, Sorry I made an incorrect assumption as to who you where replying to.


    I have been making some scans against this firewall (on an XP setup), out of the box settings do leave the firewall open and certainly not recommended for direct connection to the Internet.


    - Stem
     
  5. pabrate

    pabrate Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    685
    I'm not behind a router.
    I have cable modem there for net connection.

    OK, I'll report when I do that.
     
  6. drakhil

    drakhil Registered Member

    Joined:
    Jun 27, 2010
    Posts:
    24
    my private firewall in present settings passes all tests
     
  7. papasmurf

    papasmurf Registered Member

    Joined:
    Jul 4, 2010
    Posts:
    28
    Location:
    Pacific Northwest USA
    Ok, after much scanning, and finally getting a couple of programs that I can use
    myself to see what is going on, my ports seem to be closed/secure.
    My home profile is set Internet Security--high and Network Security---low.

    I have my net security low because I do have local file sharing among my
    wife and sons' laptop systems. I have an external drive connected to my system
    that they both access for movies, games, music, and whatever else I dump into
    it.

    So, after quite a few hours of probing/scanning, i have determined that my system
    is probably as secure as I can get it with out hiring an IT dept. :argh::argh::argh:

    Here is a screenshot for the heck of it.

    doublescan1.jpg
     
  8. pabrate

    pabrate Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    685
    @MasterTB,

    I did it and all ports are stealthed.
    Scenario :
    Main machine : Win7 32-bit , IP address : 192.168.0.1 , shared two folders
    Second machine : WinXP , IP address : 192.168.0.2 , shared two folders

    PrivateFW detected 192.168 network and I put it in Trusted network.
    I can see all shared folders both from main and other machine, everything works fine.

    Then on Main machine I tested open ports with Pcflank (advanced port scanner) and all ports are stealthed.
    Then I tried GRC ShieldsUP with All Service Ports test and it was all green.

    PrivateFW was not touched after installation so everything is like it comes (default).

    if I missed something or you want me to try something let me know.
     
  9. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,317
    Location:
    Hawaii
    Has anyone tested PFW as to how well its HIPS component does with respect to alerting the user to keylogger threats?

    A very good, multi-faceted keylogger test is at...
    HERE -- scroll to bottom where you see "Test security of your PC" -- under that is a download link for the test.

    I would test PFW myself but -- due to tech problems -- I'm not set up for testing right now. (sigh)

    I hope someone feels inclined to test PFW. (Online Armor does well against keyloggers. I hope PFW does as well or better.)
     
  10. chinook9

    chinook9 Registered Member

    Joined:
    Jan 27, 2008
    Posts:
    444

    Just tried it on my other XP SP3 machine. Keylogging was prevented but Webcam capture, Screenshot, Clipboard monitoring, System Protection (registry value added), and sound record all failed.

    I'll try it a couple more times later to see if the same results are replicated.


    EDIT: Also, didn't hear a peep out of Microsoft Security Essentials which I have on that machine.
     
    Last edited: Jul 7, 2010
  11. MasterTB

    MasterTB Registered Member

    Joined:
    Jun 19, 2007
    Posts:
    547
    Location:
    Paran?, Argentina
    I don't know what to tell you.
    I'm glad that you have all tests passed but your setup and mine are not the same. I don't share folders individually, I enable Home Group and windows automatically shares all libraries that I tell it to share, that also enables Multimedia Streaming on the Home LAN via the WMP Network Services -which is one of the services causing problems-.

    I have tested my setup against all web tests with the Windows Firewall -all Stealth- PC Tools -all stealth- an with PFW with the results shared here.

    I guess having the Home Group enabled makes windows more susceptible to answer to unsolicited requests and thus the firewall allows them because Microsoft's apps are on the trusted side.

    I did test PFW on a friends machine with XP SP3, and some shares -he brought the PC over- and he had all stealth. So I guess -again- the issue is related to how the Home Group works and how windows and PFW interact when that happens.

    I will share this on my support ticket with Privacyware to see what they tell me about it.

    Attached you'll see a txt from Microsoft with ports and requirements necessary to make a Home Group work, and it is far more complicated than people thinks.

    Thanks for all the testing you've done.
     

    Attached Files:

  12. pabrate

    pabrate Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    685
    I think Home Group was enabled but I'll try it again and confirm that it is enabled. I'll make a screenshot.
    Since I never used Home Group I forgot to do that, instead I did it old way (both computers are on same workgroup, fodlers are shared manually, I access computers via Network->Workgroups, login screen appears, I enter login details) and that's that.

    But even if it wasn't enabled, sharing was working, so in order for that to work ports must be open (137,139) , so for testing perposes I think it's kind of same doing it with or without Home Group.
     
  13. MasterTB

    MasterTB Registered Member

    Joined:
    Jun 19, 2007
    Posts:
    547
    Location:
    Paran?, Argentina
    Yes pabrate but, on that case, the service using ports 135, 137, 139 and or 445 on some cases is Svchost, and what is causing problems in PFW is a rule for System Services that enables incoming connections for Netbios Sessions (client), Microsoft DS (Server) and Microsoft DS (Client), including occasionally also for WMP Network Service on port 554 that's why you have stealth and I don't at least that is what we (Support for PFW and I) have come to understand from all this issues.

    I don't think it is an isolated issue happening to just me because they are heavily looking into it.

    In any case, following their advice I have managed to close all holes and secure my systems for the time being, hoping that the next version will improve on rules handling.
     
  14. pabrate

    pabrate Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    685
    You are right, we have something going on here.
    Home Group is enabled, I can't join it from other machine because there is no Win7 installed but that's not important for this.
    First I tested with PCFlank (but only standard ports, should have done full but it's ok).
    GRC ShieldsUP found two ports open.
    I'm pretty sure I've covered everything but if there is something else you want me to try please let me know.
    And because pictures says more than words, here they are :
     

    Attached Files:

  15. Kyle1420

    Kyle1420 Registered Member

    Joined:
    May 27, 2008
    Posts:
    490
    Just a question..
    From what I understand - PFW should complete training before being tested, is that right? I've seen a few videos which test it straight out the box day 1 and thought that it was the wrong way to go out it.
     
  16. papasmurf

    papasmurf Registered Member

    Joined:
    Jul 4, 2010
    Posts:
    28
    Location:
    Pacific Northwest USA
    Rofl..well..tried to download it...see the screenshot for the results. :argh:

    virwarn.jpg
     
  17. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,317
    Location:
    Hawaii
    It's an FP. AntiTest is a Proof of Concept (POC) that IMITATES several types of keyloggers. It also imitates certain types of malware in order to test System Protection.

    These are imitations -- not really malware. Avira's heuristics or behavioral module(either one or both) will almost always pop an alert on POCs. POCs act like, smell like, & look like malware because -- if they didn't -- there would be no test.
     
  18. papasmurf

    papasmurf Registered Member

    Joined:
    Jul 4, 2010
    Posts:
    28
    Location:
    Pacific Northwest USA
    LOL, oh, I am certain that the file is a simulation..kinda like the test code for Eicar.
    It is just nice to know that my stuff is working :)
     
  19. MasterTB

    MasterTB Registered Member

    Joined:
    Jun 19, 2007
    Posts:
    547
    Location:
    Paran?, Argentina
    Ok.

    I received a mail from Greg at PFW Support and this is what they've been up to:

    "...Aside from the default rules issue, we are grappling with enhanced packet inspection and, of course, IPv6 support, so have our hands full. My guess is that we’ll have an intermediate update that at least addresses some of the logic in the default rules (if nothing else, tightening the logic up for the remote profile, as you even suggested). I’ll keep you posted..."

    I hope he doesn't mind me posting this but I promised to keep everyone posted.
    I believe this also answers to johncage who asked If they planned to support IPv6..

    Martin.-
     
  20. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,317
    Location:
    Hawaii
    Thanks for the update.

    I am hoping that they will also make a way for us to export/save PFW's rules & configs.
     
  21. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,317
    Location:
    Hawaii
    Hola Stem,
    The potential import of your post just now sunk into my pea brain.

    What do you mean by "not recommended for direct connection to the Internet."? Are you saying that PFW gives inadequate protection in default mode? If so, PLEASE share your recommended settings.
     
  22. paul1149

    paul1149 Registered Member

    Joined:
    Aug 3, 2010
    Posts:
    23
    I used to use Kerio 2.15, and it was perfect for my needs. But it proved to be incompatible with XP sp3 on both of my machines, so I went FW shopping.

    I then ran PCTools Plus firewall, but it started freezing on me when I went to look at Applications in it. That, plus only paid support and no forum access (my email address was banned, though I can't remember ever posting there, and certainly not doing anything wrong) led me to uninstall it.

    Now I'm on PrivateFirewall, and it seems to be doing what I want - basic protection, HIPS, and light weight.

    The only limitation I just discovered is that there is no way to see transfer rates in real time. I've noticed a frequent small access of the Internet - maybe every six seconds and lasting one second. An Avast scan came up empty, and I don't think I have a security problem, but I want to know what is accessing the Net so often, and I don't see how to do it in PFW.
     
  23. dread

    dread Registered Member

    Joined:
    May 18, 2004
    Posts:
    195
    Just tried this firewall. I ditched KIS because of it making my system lag. I got this firewall and trying MSE. I like it but I am getting disconnected every so often. I have the firewall set to ask me when a program tries to get on the net. I wish they had more support than just opening a support ticket, like a forum.
     
  24. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    976
    Try process monitor from Sysinternals. Any packet sniffer should work as well... probably even SmartSniff from NirSoft.
     
  25. paul1149

    paul1149 Registered Member

    Joined:
    Aug 3, 2010
    Posts:
    23
    I probably will need to use another app to do this. Process Monitor seems a bit heavy for my needs though. I just want to see which connections are transferring at what rates.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.